This paper explains why comparative test results based on static testing may seriously underestimate and misrepresent the detection capability of some products using proactive, behavioural techniques such as active heuristics and emulation.
First published in EICAR 2009 Conference Proceedings.

Second in a series illustrating innovative ways of teaching the concepts behind a major security issue, the paper illustrates how botmasters capture computers and “recruit” them into virtual networks to use them for criminal purposes.
First published in Virus Bulletin 2008 Conference Proceedings.*

Making anti-malware testers and certifying authorities pdf accountable for the quality of their testing methods and the accuracy of the conclusions they draw, based on that testing.
First published in 2008 Virus Bulletin Conference Proceedings.*

Tries to answer questions like; why is there so much confusion about naming malware? Is ‘Do you detect virus X?’ the wrong question in today’s threat landscape?
First published in Virus Bulletin 2008 Conference Proceedings.*

Evaluates research on susceptibility to phishing attacks, and looks at web-based educational resources such as phishing quizzes. Do phished institutions and security vendors promote a culture of dependence that discourages computer users from helping themselves?
First published in 2007 Virus Bulletin Conference Proceedings.*

Presents an overview of the evolution of malicious software, focusing on the objectives of this type of program to provide evidence for their predictions as to how it will evolve in the years to come.
Infosec Paris 2007